topic Re: how to use transaction to Group multiple events with field values in a specific order in Splunk Search

how to use transaction to Group multiple events with field values in a specific order

qiuxiaoping — Sat, 01 Aug 2020 10:35:20 GMT

hello , i have many logs like:

"_time1 user=A eventid =45"

"_time2 user=A eventid=46"

"_time3 user=A eventid=48"

"_time4 user=B eventid=45"

"_time5 user=A eventid=46"

i want to transaction new event like:

"_time1 user=A eventid=45

_time2 user=A eventid=46

_time3 user=A eventid=48"

Re: how to use transaction to Group multiple events with field values in a specific order

to4kawa — Sat, 01 Aug 2020 11:19:39 GMT

what is the conditions?

Re: how to use transaction to Group multiple events with field values in a specific order

qiuxiaoping — Sat, 01 Aug 2020 16:23:20 GMT

hello

conditions are:

if user=A, and The eventid values of the three events are 45, 46 and 48 in sequence，then group this three event。

Re: how to use transaction to Group multiple events with field values in a specific order

qiuxiaoping — Wed, 05 Aug 2020 07:36:12 GMT

hello

conditions are:

if user=A, and The eventid values of the three events are 45, 46 and 48 in sequence，then group this three event。

Re: how to use transaction to Group multiple events with field values in a specific order

to4kawa — Wed, 05 Aug 2020 08:46:53 GMT

see the command reference.

Re: how to use transaction to Group multiple events with field values in a specific order

qiuxiaoping — Thu, 06 Aug 2020 01:54:00 GMT

Thankyou for your help. i try your sample case . but it does not meet my request. In my request, 45, 46, and 48 must appear strictly in this order . I have added some content based on yours. pls help me .